With heavy economic sanctions being levied against Moscow by Western allies, officials fear broader cyberattacks could occur in retaliation for these measures or other moves supporting Ukraine. Governments and intelligence agencies have warned that nearly all organizations are at risk from Russian cyberthreats, whether state-sponsored or led by criminal organizations.
Although malicious actors may strike at any institution, they are most likely to target supply chain and financial institutions due to their impact on the American economy. Sectors at risk include defense and critical infrastructure (e.g., utilities, manufacturing, healthcare, energy, food supply), financial institutions, retail companies, technology firms, and cryptocurrency exchanges.
An Unpredictable Cyberthreat Environment
Business leaders, CISOs, and security operations personnel need to be concerned not only with hackers penetrating their defenses on behalf of the Russian state but also criminal elements taking advantage of the current tumult to line their pockets.
Ransomware attacks have become rampant in recent years with Russian hackers playing a prominent role. In their most recent Crypto Crime Report, Chainalysis reported that approximately 74% of 2021’s ransomware revenue - over $400 million – went to attackers who were highly likely to be affiliated with Russia.
In 2020, Russian hackers carried out perhaps the largest and most sophisticated cyberattack in history by breaching 18,000 computer networks through malware inserted into a software update for a SolarWinds product. The breach allowed hackers access to top-level communications from thousands of private companies and government agencies, including the U.S. Departments of Justice, State, Treasury, Energy, and Commerce.
Expect an Attack, Strengthen Your Defenses
With Russian cyberattacks becoming increasingly common over the last 15 years, businesses should expect an attack in the near future and be prepared to defend themselves. Such an attack could be retaliatory or simply because the bad actor finds the timing of the Russian invasion advantageous. Organizations can utilize the following strategies to ensure their systems are secure against a cyberattack.
- Patch vulnerabilities! The vast majority (99.7%) of vulnerabilities identified in CISA’s Known Exploited Vulnerabilities Catalog can be patched. Prioritize patching by common attack vectors. Then configure updates and manually patch where necessary. Scan for CISA’s Known Exploited Vulnerabilities and repeat regularly.
- Closely monitor logs by checking for patterns and outliers. Investing in a Security Information and Event Management (SIEM) solution can provide valuable insights into what is going on inside of a network.
- Control web traffic through firewalls, web content control and DNS content filtering.
- Secure your applications through cloud applications and accounts. Multi-factor authentication is the most important safeguard a user can implement.
- Back up your systems and test your backups! A backup that hasn’t been tested is just an expensive doorstop.
- Manage the human element. This is inevitably the most difficult task. A study by IBM showed human error to be a primary factor in up to 95% of all cybersecurity breaches. Proper user training is imperative in the fight against cybercrime. Mandating password changes using unique passwords, setting account lock-out protocols and performing social engineering tests are critical.
- Utilize a cybersecurity framework. ISO 27001, NIST 800-53, CIS Controls Framework, or the new Cybersecurity Maturity Model Certification (CMMC) will provide a repeatable and known set of standards to build policies, procedures, and practices to ensure reliable results.
Do Your Part to Prevent Cyberattacks
As security professionals work to safeguard their enterprise, each of us can take steps to protect our own devices and data. As individuals, we can ensure our devices are up-to-date, be mindful of suspicious email, use multi-factor authentication and avoid reusing the same password. By taking protective measures now, future mitigation steps will be less painful and perhaps unnecessary.